I think this might be a restriction of the Allow-Access-Control-Origin header spec - could you dynamically return the header for the correct domain depending on the domain that the request was made against?
I think this might be a restriction of the Allow-Access-Control-Origin header spec - could you dynamically return the header for the correct domain depending on the domain that the request was made against?